Database Administrators Stack Exchange is a question and answer site for database professionals who wish to improve their database skills and learn from others in the community. It's 100% free, no registration required.

According to this answer, it's not possible to have a fully secure database encryption with pgcrypto.

Now, 2 years later (in postgresql 9.3) is there any new extension or new method to have a secure database encryption, or doing this on the application server is still the only way to be sure that someone with database access cannot decrypt the data?

There have been no significant enhancements in pgcrypto, and there's no functionality to allow functions to be marked sensitive such that queries that use them don't get logged. (that'd fill one security hole and create another anyway).
–
Craig RingerFeb 28 '14 at 22:19

1 Answer
1

There have been no significant enhancements in pgcrypto, and there's no functionality to allow functions to be marked sensitive such that queries that use them don't get logged. That'd fill one security hole and create another anyway.

So long as you don't actually store the key in the DB, you're not inherently giving the DB the ability to decrypt the data. You're just increasing the risk of key exposure through logs, network protocol captures (if not SSL), pg_stat_activity, etc. If you trust both the DB server and app server, this may not actually matter as much. Nonetheless, I still think it's better that the DB never see the decryption keys at all.